cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
7186
Views
5
Helpful
8
Replies

How to Config management interface on ASR 1001

Hi

 

I am looking for the basic steps to configure the management port on an ASR 1001. What I am trying to do is connect the management port from my ASR 1001 to an Dell 4820T switch port, and be able to access the ASR 1001 from the switch.

The Rook
2 ACCEPTED SOLUTIONS

Accepted Solutions
Flavio Miranda
Advisor

Hello,

  On the ASR 1001:

Router#config t

Router(config)#interface gigabitethernet0

Router(config-if)#ip address A.B.C.D A.B.C.D

ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0   "Dell 4820T IP address "

 

Ont the Dell 4820T  you can config on Interface vlan with the same IP range you configured on gigabitethernet0 of ASR 1001.

Prepare one port on Dell 4820T and put it on the vlan you just created. 

Connect both switchs.

Config you machine on the same IP range.

plug you machine on the same vlan you created on Dell.

Access ASR 1001 using gigabitethernet0 IP address.

 

Hope that help.

View solution in original post


Router(config)# transport-map type persistent ssh sshhandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# rsa keypair-name sshkeys
Router(config-tmap)# authentication-retries 1
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent ssh input sshhandler
Or with telnet:

Router(config)# transport-map type persistent telnet telnethandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent telnet input telnethandler

View solution in original post

8 REPLIES 8
Georg Pauwen
VIP Expert

Hello,

the management port is GigabitEthernet0. You can assign an IP address to that interface, however, keep in mind that it is put in its own VRF, Mgmt-intf.

Check the below document for reference:

https://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asr1000-software-config-guide/mgmt-ether-asr.pdf

Flavio Miranda
Advisor

Hello,

  On the ASR 1001:

Router#config t

Router(config)#interface gigabitethernet0

Router(config-if)#ip address A.B.C.D A.B.C.D

ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0   "Dell 4820T IP address "

 

Ont the Dell 4820T  you can config on Interface vlan with the same IP range you configured on gigabitethernet0 of ASR 1001.

Prepare one port on Dell 4820T and put it on the vlan you just created. 

Connect both switchs.

Config you machine on the same IP range.

plug you machine on the same vlan you created on Dell.

Access ASR 1001 using gigabitethernet0 IP address.

 

Hope that help.

View solution in original post

Thanks , I will give this a try

The Rook

That works now, however I can not telnet to the ASR. Should I be able to telnet to ASR once Management Port has been configure?

 

Here is my VTY Line Setup:

 


line con 0
privilege level 15
logging synchronous level 2 limit 20
stopbits 1
line aux 0
no exec
stopbits 1
line vty 0
access-class 8 in vrf-also
exec-timeout 40 0
privilege level 15
password 7 107A243D41433F2E38360A
no activation-character
logging synchronous level 2 limit 20
no exec
transport preferred none
transport input all
stopbits 1
line vty 1
access-class 8 in vrf-also
exec-timeout 40 0
privilege level 15
password 7 107A243D41433F2E38360A
logging synchronous level 2 limit 20
no exec
transport input all
line vty 2 4
access-class 8 in vrf-also
exec-timeout 40 0
privilege level 15
password 7 107A243D41433F2E38360A
logging synchronous level 2 limit 20
transport input all
line vty 5 15
access-class 8 in vrf-also
password 7 107A243D41433F2E38360A
transport input all

The Rook

You should SSH instead. Telnet is not safe.

 

ip domain-name domainname.com

username USERNAME password PASSWORD

crypto key generate rsa

 line vty 0 15

 login local

transport input all

I would like to do SSH however, I do not have the crypto command in my IOS

The Rook


Router(config)# transport-map type persistent ssh sshhandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# rsa keypair-name sshkeys
Router(config-tmap)# authentication-retries 1
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent ssh input sshhandler
Or with telnet:

Router(config)# transport-map type persistent telnet telnethandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent telnet input telnethandler

View solution in original post

Hi Flavio 

 transport-map doesn't restrict SSH connection to an interface, the feature itself doesn't seem very helpful.

 such a pitty that MPP with "control-plane host" feature does not exist anymore in IOS-XE (this was good to have the possibility to limit SSH connection to a single port) !